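def delete(self, **kwargs):
    """Delete the signed-in user's own account and its connection records.

    Responds 401 when nobody is signed in or when the ``uid`` route argument
    names another account, 400 when ``uid`` is missing or not an integer, and
    200 once the connection entities, the user entity and the session have
    been removed.
    """
    result = {'code': 400, 'message': 'bad request'}

    # check user validation
    current_user = self.get_user()
    if current_user is None:
        result['code'] = 401
        result['message'] = 'unauthorized'
        return self.createRes(401, result)

    # A missing or non-numeric uid used to escape as an unhandled
    # TypeError/ValueError; answer with the default 400 instead.
    try:
        uid = int(kwargs.get('uid'))
    except (TypeError, ValueError):
        return self.createRes(400, result)

    # Only the owner of the account may delete it.
    if uid != current_user.get('uid'):
        result['code'] = 401
        result['message'] = 'unauthorized'
        return self.createRes(401, result)

    # NOTE(review): this destructive action is authorised by the session
    # alone; no CSRF token or re-authentication check is visible in this
    # method -- confirm one is enforced elsewhere.

    # get user info
    user = Users.get(id=uid)

    # delete connection info
    for connection in Connections.find(user.key):
        connection.key.delete()

    # delete user info
    user.key.delete()
    self.session.clear()

    result['code'] = 200
    result['message'] = 'OK'
    return self.createRes(200, result)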
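def post(self, **kwargs):
    """Create a board post owned by the signed-in user.

    Responds 401 when nobody is signed in, or when the requested ``type`` is
    'notice' or 'faq' and the session user has no 'admin' entry. Otherwise
    the request arguments are copied onto a new ``Boards`` entity, the
    ``service`` route argument and the owner key are set, and the stored
    board is returned with code 200.
    """
    result = {'code': 400, 'message': 'bad request'}

    current_user = self.get_user()
    uid = current_user.get('uid') if current_user else None
    if uid is None:
        result['code'] = 401
        result['message'] = 'not authorized'
        return self.createRes(401, result)

    # NOTE(review): any non-None 'admin' value, including False, passes this
    # check -- confirm how the flag is stored for ordinary users.
    if self.arguments.get('type') in ['notice', 'faq'] and current_user.get('admin') is None:
        result['code'] = 401
        result['message'] = 'not authorized'
        return self.createRes(401, result)

    owner = Users.get(id=uid)
    board = Boards(auto_id=True)

    # Request arguments are client-controlled. Never let them touch the
    # entity key, the server-assigned owner/service, or private attributes.
    # NOTE(review): this is still a deny-list; an explicit allow-list of the
    # Boards fields a client may set would be the safer design.
    reserved = ('key', 'owner', 'service')
    for item in self.arguments:
        if item in reserved or item.startswith('_'):
            continue
        setattr(board, item, self.arguments.get(item))

    board.service = kwargs.get('service')
    board.owner = owner.key
    board.put()

    result['code'] = 200
    result['Board'] = board.to_obj()
    result['message'] = 'OK'
    return self.createRes(result['code'], result)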
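def post(self):
    """Change the signed-in user's password and answer with one JSON string.

    Expects ``oldPassword``, ``newPassword`` and ``newPassword2``. Writes
    "OK" on success, the "update failed" message when the account cannot be
    resolved or the old password does not match, and the "fill in the
    required fields" message when a field is empty or the two new passwords
    differ. Exactly one JSON document is written per request; the failure
    branch used to fall through and append a second one.
    """
    self.set_header("Content-Type", "application/json")
    oldPassword = self.get_argument("oldPassword", '')
    newPassword = self.get_argument("newPassword", '')
    newPassword2 = self.get_argument("newPassword2", '')

    if not (oldPassword and newPassword and newPassword2) or newPassword != newPassword2:
        self.write(escape.json.dumps("请认真填写必填项!"))
        return

    # get_secure_cookie() returns None when the cookie is absent or its
    # signature is invalid; treat that, and an unknown account, as a failed
    # update instead of failing on old_user.salt.
    username = self.get_secure_cookie('username')
    old_user = Users.get_by_name_or_email(username) if username else None
    if not old_user:
        self.write(escape.json.dumps("更新用户失败!"))
        return

    # NOTE(review): a single salted MD5 round is a weak password hash, and
    # the comparison below is not constant-time. Moving to a dedicated
    # password-hashing scheme needs a stored-hash migration, so it is only
    # flagged here.
    supplied_hash = md5(
        oldPassword.encode('utf-8') + old_user.salt.encode('utf-8')).hexdigest()
    if supplied_hash != old_user.password:
        self.write(escape.json.dumps("更新用户失败!"))
        return

    Users.update(username, None, newPassword)
    user = Users.get(old_user.id)
    # NOTE(review): the cookie value is the stored password hash. Secure
    # cookies are signed, not encrypted, so the hash is readable by the
    # client -- consider an opaque session token instead.
    self.set_secure_cookie('userpw', user.password, expires_days=1)
    self.write(escape.json.dumps("OK"))
    return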
def get(self):
    """Serve the admin user pages: add form, edit form, delete, paged list.

    ``act`` selects the operation ('add', 'edit', 'del'); anything else, or
    'edit' without an ``id``, falls through to the user list. The list is
    rendered as HTML when ``page`` compares equal to 1 and as JSON otherwise.
    """
    # NOTE(review): the nesting of the 'edit' and 'del' branches was rebuilt
    # from a flattened listing -- confirm against the original file.
    # NOTE(review): no authorization or XSRF check is visible in this method
    # (a decorator may sit outside this listing), and 'del' changes state on
    # a GET request.
    # encode() yields byte strings; the comparisons below presumably rely on
    # Python 2 str semantics.
    act = self.get_argument("act", '').encode('utf-8')
    user_id = self.get_argument("id", '').encode('utf-8')
    obj = None

    if act == 'add':
        # NOTE(review): this binds the Users class itself, so the blank
        # values are written onto the class, not onto a fresh instance.
        obj = Users
        obj.user_id = ''
        obj.user_name = ''
        obj.email = ''
        obj.status = 1
        add_context = {
            'title': "添加用户",
            'method': "/admin/users?act=add",
            'obj': obj,
        }
        self.echo('admin_user_edit.html', add_context, layout='_layout_admin.html')
        return

    if act == 'edit' and user_id:
        obj = Users.get(user_id)
        edit_context = {
            'title': "编辑用户",
            'method': "/admin/users?act=edit",
            'obj': obj,
        }
        self.echo('admin_user_edit.html', edit_context, layout='_layout_admin.html')
        return

    if act == 'del':
        if user_id:
            Users.delete(user_id)
            clear_cache_by_pathlist(['/'])
        self.set_header("Content-Type", "application/json")
        self.write(json.dumps("OK"))
        return

    # user list
    # A supplied ``page`` arrives as a string, so ``page == 1`` only holds
    # when the parameter is absent and the integer default is used.
    page = self.get_argument("page", 1)
    users_page = Users.get_paged(page, getAttr('ADMIN_USER_NUM'))
    page_count = math.ceil(Users.count_all() / float(getAttr('ADMIN_USER_NUM')))

    if page != 1:
        payload = {
            'list': users_page,
            'total': page_count,
        }
        self.set_header("Content-Type", "application/json")
        self.write(json.dumps(payload, default=dthandler))
        return

    list_context = {
        'title': "用户列表",
        'objs': users_page,
        'obj': obj,
        'total': page_count,
    }
    self.echo('admin_user_list.html', list_context, layout='_layout_admin.html')
    return
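def deactivate(self, **kwargs):
    """Delete the signed-in user's own account, then redirect or report.

    The outcome is 401 when nobody is signed in or the ``uid`` route argument
    names another account, 400 when ``uid`` is missing or not an integer, and
    200 once the connection entities, the user entity and the session are
    gone. With a ``returnTo`` request argument a success redirects there and
    a failure renders the template named by ``dialog``; without it the result
    is returned through ``createRes``.
    """
    result = {'code': 400, 'message': 'bad request'}

    current_user = self.get_user()
    if current_user is None:
        result['code'] = 401
        result['message'] = 'unauthorized'
    else:
        # A missing or non-numeric uid used to raise out of the handler;
        # keep the default 400 result for it instead.
        try:
            requested_uid = int(kwargs.get('uid'))
        except (TypeError, ValueError):
            requested_uid = None

        if requested_uid is None:
            pass
        elif current_user.get('uid') != requested_uid:
            result['code'] = 401
            result['message'] = 'unauthorized'
        else:
            # get user info
            user = Users.get(id=current_user.get('uid'))

            # delete connection info
            for connection in Connections.find(user.key):
                connection.key.delete()

            # delete user info
            user.key.delete()
            self.session.clear()

            result['code'] = 200
            result['message'] = 'OK'

    return_to = self.arguments.get('returnTo', None)

    if result['code'] == 200:
        if return_to:
            # NOTE(review): returnTo is taken from the request and is not
            # validated, so this is an open redirect unless the value is
            # restricted to same-site paths elsewhere.
            return self.redirect(str(return_to))
        return self.createRes(200, result)

    if return_to:
        options = {
            'returnTo': return_to,
            'message': result['message']
        }
        if current_user:
            options['uid'] = current_user.get('uid')

        # NOTE(review): the template name also comes from the request;
        # consider mapping 'dialog' to a fixed set of template names.
        template = JINJA_ENVIRONMENT.get_template(self.arguments.get('dialog'))
        return self.response.write(template.render(options))

    # Report the status that was actually computed (401, or 400 for a bad uid).
    return self.createRes(result['code'], result)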
def get(self, **kwargs):
    """List the boards of a service/type, optionally filtered by category.

    ``service`` and ``type`` come from the route, ``category`` from the
    request arguments. For type 'qna' with a signed-in user the lookup is
    restricted to that user's key; in every other case ``owner`` is None.
    """
    service = kwargs.get('service')
    board_type = kwargs.get('type')
    category = self.arguments.get('category')

    # NOTE(review): an anonymous 'qna' request also passes owner=None;
    # confirm Boards.find does not then return every user's Q&A posts.
    owner = None
    if board_type == 'qna':
        signed_in = self.get_user()
        if signed_in:
            owner = Users.get(id=signed_in.get('uid')).key

    boards = Boards.find(service, board_type, category, owner=owner)
    result = {
        'code': 200,
        'message': 'OK',
        'Boards': self.listToObject(boards),
    }
    return self.createRes(result['code'], result)
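def devices(self, **kwargs):
    """Create or refresh the device record for an app/device pair.

    Requires the ``deviceId``, ``appName`` and ``regId`` request arguments
    (400 otherwise). The values are remembered in the session, the
    ``Devices`` entity keyed by "appName|deviceId" is created or its
    ``regId`` refreshed, and when a user is signed in the device is linked
    to that user and the user object is included in the response.
    """
    result = {'code': 400, 'message': 'bad request'}
    device_args = ['deviceId', 'appName', 'regId']

    # check parameter validation
    if not set(device_args).issubset(self.arguments):
        return self.createRes(400, result)

    device_id = self.arguments.get('deviceId')
    app_name = self.arguments.get('appName')
    reg_id = self.arguments.get('regId')

    self.session['deviceInfo'] = {
        'deviceId': device_id,
        'appName': app_name,
        'regId': reg_id
    }

    # NOTE(review): nothing here checks who registered the device before, so
    # any caller that knows appName and deviceId can replace its regId or
    # re-link it to their own account -- confirm this is intended.
    device_key = ndb.Key('Devices', '%s|%s' % (app_name, device_id))
    device = device_key.get()

    if device is None:
        device = Devices(key=device_key)
        device.regId = reg_id
        device.appName = app_name
        device.deviceId = device_id
    elif device.regId != reg_id:
        device.regId = reg_id

    if self.get_user():
        user = Users.get(id=self.get_user().get('uid'))
        device.user = user.key
        result['User'] = user.to_obj(mine=True)

    device.put()

    result['code'] = 200
    # The success response used to keep the initial 'bad request' message.
    result['message'] = 'OK'
    return self.createRes(200, result)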
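def post(self):
    """Change the signed-in user's password and answer with one JSON string.

    Expects ``oldPassword``, ``newPassword`` and ``newPassword2``. Writes
    "OK" on success, the "update failed" message when the account cannot be
    resolved or the old password does not match, and the "fill in the
    required fields" message when a field is empty or the two new passwords
    differ. Exactly one JSON document is written per request; the failure
    branch used to fall through and append a second one.
    """
    self.set_header("Content-Type", "application/json")
    oldPassword = self.get_argument("oldPassword", '')
    newPassword = self.get_argument("newPassword", '')
    newPassword2 = self.get_argument("newPassword2", '')

    fields_complete = oldPassword and newPassword and newPassword2
    if not fields_complete or newPassword != newPassword2:
        self.write(escape.json.dumps("请认真填写必填项!"))
        return

    # get_secure_cookie() returns None when the cookie is absent or its
    # signature is invalid; treat that, and an unknown account, as a failed
    # update instead of failing on old_user.salt.
    username = self.get_secure_cookie('username')
    old_user = Users.get_by_name_or_email(username) if username else None
    if not old_user:
        self.write(escape.json.dumps("更新用户失败!"))
        return

    # NOTE(review): a single salted MD5 round is a weak password hash, and
    # the comparison below is not constant-time. Moving to a dedicated
    # password-hashing scheme needs a stored-hash migration, so it is only
    # flagged here.
    supplied_hash = md5(oldPassword.encode('utf-8') + old_user.salt.encode('utf-8')).hexdigest()
    if supplied_hash != old_user.password:
        self.write(escape.json.dumps("更新用户失败!"))
        return

    Users.update(username, None, newPassword)
    user = Users.get(old_user.id)
    # NOTE(review): the cookie value is the stored password hash. Secure
    # cookies are signed, not encrypted, so the hash is readable by the
    # client -- consider an opaque session token instead.
    self.set_secure_cookie('userpw', user.password, expires_days=1)
    self.write(escape.json.dumps("OK"))
    return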
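def action(self, **kwargs):
    """Apply a 'like' or 'unlike' from the signed-in user to a comment.

    Responds 400 when ``cid`` is not an integer, 401 when nobody is signed
    in, 404 when the comment cannot be loaded, and 500 when the request
    conflicts with the stored state (liking twice, or unliking without a
    like). Otherwise the ``Likes`` entity and the comment's ``likeCount``
    are updated and the comment is returned with code 200. Any other
    ``action`` value returns the comment unchanged.
    """
    result = {'code': 400, 'message': 'bad request'}

    # A non-numeric cid used to raise out of the handler.
    try:
        cid = int(kwargs.get('cid', 0))
    except (TypeError, ValueError):
        return self.createRes(400, result)
    verb = kwargs.get('action')

    current_user = self.get_user()
    if not current_user:
        result['code'] = 401
        result['message'] = 'not allowed'
        return self.createRes(401, result)

    user = Users.get(id=current_user.get('uid'))
    comment = Comments.get(id=cid)

    # NOTE(review): presumably a failed lookup hands back a bare key, as the
    # ndb.key.Key checks elsewhere in this file suggest -- confirm for
    # Comments.get. Without this guard a missing comment fails on .key.
    if comment is None or isinstance(comment, ndb.Key):
        result['code'] = 404
        result['message'] = 'not found'
        return self.createRes(404, result)

    if verb in ['like', 'unlike']:
        like = Likes.find(ndb.Key(Users, current_user.get('uid')), [comment.key])

        if len(like) > 0 and verb == 'unlike':
            like[0].key.delete()
        elif len(like) == 0 and verb == 'like':
            like = Likes(auto_id=True)
            like.user = user.key
            like.target = comment.key
            like.put()
        else:
            result['code'] = 500
            result['message'] = 'internal error'
            return self.createRes(500, result)

        # NOTE(review): this read-modify-write is not wrapped in a
        # transaction here, so concurrent requests can miscount.
        comment.likeCount = int(comment.likeCount if comment.likeCount else 0) + (1 if verb == 'like' else -1)
        comment.put()

    result['code'] = 200
    result['message'] = 'OK'
    result['Comment'] = comment.to_obj()
    return self.createRes(200, result)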
except AttributeError, e1: result['code'] = 400 result['message'] = 'bad request' return self.createRes(401, result) if not self.get_user(): result['code'] = 401 result['message'] = 'not allowed' return self.createRes(401, result) if uid and (uid != self.get_user().get('uid')): result['code'] = 401 result['message'] = 'not allowed' return self.createRes(401, result) author = Users.get(id=uid) if type(author) == ndb.key.Key: result['code'] = 401 result['message'] = 'not allowed' return self.createRes(401, result) if not hid: # post new hanasy arguments = self.arguments args_require = ['title', 'description'] # check parameter validation if len(set(arguments) & set(args_require)) != len(args_require): result['code'] = 400 result['message'] = 'bad request' return self.createRes(400, result)
try: uid = self.get_user().get('uid') if kwargs.get('uid') == 'me' else int(kwargs.get('uid', 0)) hid = int(kwargs.get('hid')) pid = int(kwargs.get('pid', 0)) except ValueError, e: result['code'] = 400 result['message'] = 'bad request' return self.createRes(401, result) if kwargs.get('uid') == 'me' and not self.get_user(): result['code'] = 401 result['message'] = 'not logged in' return self.createRes(401, result) author = Users.get(id=uid) if type(author) == ndb.key.Key: result['code'] = 401 result['message'] = 'not allowed' return self.createRes(401, result) hanasy = Hanasies.get(id=hid, parent=author.key) if type(hanasy) == ndb.key.Key: result['code'] = 404 result['message'] = 'not found' return self.createRes(404, result) if not pid: # get all parts in a hanasy options = {} for item in self.arguments:
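def post(self, **kwargs):
    """Update the signed-in user's profile, or register a new account.

    With a ``uid`` route argument the signed-in user's own record is updated
    from the request arguments; only 'nickname', 'picture', 'hanasee',
    'language' and the ``attribute`` route argument are accepted as field
    names. Without ``uid`` a new user is registered from 'email', 'password'
    and 'nickname'. A ``returnTo`` request argument turns a success into a
    redirect and a failure into a rendered ``dialog`` template.
    """
    result = {'code': 400, 'message': 'bad request'}

    if kwargs.get('uid'):
        # update user info
        if self.get_user() is None:
            result['code'] = 401
            result['message'] = 'unauthorized'
        else:
            uid = self.get_user().get('uid')
            if kwargs.get('uid') != 'me':
                # A non-numeric uid used to raise out of the handler.
                try:
                    requested_uid = int(kwargs.get('uid'))
                except (TypeError, ValueError):
                    return self.createRes(400, result)
                if uid != requested_uid:
                    result['code'] = 400
                    result['message'] = 'already exists'
                    return self.createRes(400, result)

            # get user info
            user = Users.get(id=uid)
            if type(user) == ndb.key.Key:
                result['code'] = 400
                result['message'] = 'bad request'
            else:
                # using API, user can modify nickname and picture
                # NOTE(review): the route-supplied 'attribute' widens this
                # allow-list to any field name the URL pattern permits --
                # confirm the route restricts it.
                available_list = ['nickname', 'picture', 'hanasee', 'language'] + [kwargs.get('attribute')]
                for field in self.arguments:
                    if field not in available_list:
                        continue
                    if hasattr(self.arguments[field], 'FieldStorageClass'):
                        # Uploaded file: store it under a timestamp-based name.
                        # NOTE(review): the content type passed on is the one
                        # declared by the client.
                        dtCreated = datetime.datetime.now()
                        filename = "%d" % (time.mktime(dtCreated.timetuple())*1e3 + dtCreated.microsecond/1e3)
                        image_url = self.create_file(self.arguments.get(field).value, filename, self.arguments.get(field).type)
                        setattr(user, field, image_url)
                    elif field == 'password':
                        # NOTE(review): unsalted MD5 is a weak password hash;
                        # replacing it needs a stored-hash migration.
                        # A missing old_password now counts as a mismatch
                        # instead of raising inside md5.
                        old_password = self.arguments.get('old_password')
                        if old_password is not None and user.password == md5.md5(old_password).hexdigest():
                            setattr(user, field, md5.md5(self.arguments.get('password')).hexdigest())
                        else:
                            result['code'] = 401
                            result['message'] = 'invalid password'
                    else:
                        setattr(user, field, self.arguments.get(field))

                if result['code'] != 401:
                    user.put()
                    result['code'] = 200
                    result['message'] = 'OK'
                    result['User'] = user.to_obj(mine=True)
    else:
        args_regist = ['email', 'password', 'nickname']

        # check parameter validation
        if len(set(self.arguments) & set(args_regist)) == len(args_regist):
            user = Users.find(self.request.get('email'))
            if user:
                result['code'] = 401
                result['message'] = 'already registered'
            else:
                # insert as a new user
                user = Users(auto_id=True)
                # NOTE(review): the password is stored exactly as submitted
                # (the MD5 step was commented out in the original), while the
                # update path compares against an MD5 digest -- confirm
                # whether the Users model hashes on assignment.
                user.password = self.arguments.get('password')
                user.set(self.convertRequsetParameter(self.arguments, ['password']))

                # The original tested an undefined name ``appName`` here,
                # which raised NameError whenever the session held deviceInfo.
                app_name = self.request.get('appName')
                deviceInfo = None
                if ('deviceInfo' in self.session) and (app_name in self.session['deviceInfo']):
                    deviceInfo = self.session['deviceInfo'][app_name]
                    # save reg_id in user
                    # NOTE(review): the attribute name is derived from the
                    # request's appName -- consider a fixed set of app names.
                    setattr(user, re.sub(r'\.', '', app_name), deviceInfo['regId'])

                # NOTE(review): the nesting of this put() was ambiguous in
                # the flattened listing; it is called unconditionally so a
                # registration without device info is still stored.
                user.put()

                if deviceInfo is not None:
                    # save user in device
                    device = ndb.Key(Devices, "%s|%s" % (app_name, deviceInfo['deviceId'])).get()
                    # get() yields None for an unknown key; skip linking then.
                    if device is not None:
                        setattr(device, 'user', user.key)
                        device.put()

                self.session['user'] = user.to_obj(mine=True)
                result['code'] = 200
                result['message'] = 'OK'

    if result['code'] == 200:
        if self.arguments.get('returnTo', None):
            # NOTE(review): returnTo comes from the request and is not
            # validated, so this is an open redirect unless it is restricted
            # to same-site paths elsewhere.
            return self.redirect(str(self.arguments.get('returnTo')))
        else:
            return self.createRes(200, result)
    else:
        if self.arguments.get('returnTo', None):
            options = {
                'returnTo': self.arguments.get('returnTo'),
                'message': result['message']
            }
            if self.get_user():
                options['uid'] = self.get_user().get('uid')

            # NOTE(review): the template name also comes from the request;
            # consider mapping 'dialog' to a fixed set of template names.
            template = JINJA_ENVIRONMENT.get_template(self.arguments.get('dialog'))
            return self.response.write(template.render(options))
        else:
            # Kept as in the original: every failure that reaches this point
            # is sent with HTTP status 401, even when result['code'] is 400.
            return self.createRes(401, result)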
uid = self.get_user().get('uid') if kwargs.get('uid') == 'me' else int(kwargs.get('uid', 0)) except ValueError, e: result['code'] = 400 result['message'] = 'bad request' return self.createRes(400, result) except AttributeError, e1: result['code'] = 400 result['message'] = 'bad request' return self.createRes(400, result) if kwargs.get('uid') == 'me' and not self.get_user(): result['code'] = 401 result['message'] = 'not logged in' return self.createRes(401, result) user = Users.get(id=int(uid)) me = self.get_user().get('uid') if self.get_user() else None if type(user) == ndb.key.Key: # cannot find user result['code'] = 401 result['message'] = 'invalid uid' return self.createRes(401, result) elif user.key.id() == me: result['code'] = 200 result['message'] = 'OK' result['User'] = user.to_obj(mine = True) return self.createRes(200, result) else: result['code'] = 200 result['message'] = 'OK' result['User'] = user.to_obj()